
<?php
//NEED TO ADD VALIDATION


require 'PasswordHash.php';


class DBRequestHandler{
        
    private $conn;
    
    function __construct(){
    }   

    /*special function for handling sql error messages*/
    function fail($pub, $pvt = '')
    {
        $msg = $pub;
        if ($pvt !== '')
            $msg .= ": $pvt";
        exit("An error occurred ($msg).\n");
    }   
    /**
     * return: 0 = success
     * return: 1 = username or password too short
     * return 2 = duplicate user
     */
    public function newUser ($uname, $pass, $fname, $lname, $email){        
        
        
        // Base-2 logarithm of the iteration count used for password stretching
        $hash_cost_log2 = 8;
        // Do we require the hashes to be portable to older systems (less secure)?
        $hash_portable = FALSE; 
        
        if (strlen($uname) < 6 || strlen($pass) < 6){                
            return 1;
        }
        
        //hash password
        $hasher = new PasswordHash($hash_cost_log2, $hash_portable);
        $hash = $hasher->HashPassword($pass);
        if (strlen($hash) < 20){ //hasher will not produce less than 20 characters
            fail('Failed to hash new password');
        }
        unset($hasher);
        //echo($hash);
        
        
        $api = $this->makeAPIKey(); 
        
        //connect to database
        require_once 'connect.php';
        $dbc = new connect_DB;
        $this->conn = $dbc->connect();

        
        //add user to database            
        if(!($stmt = $this->conn->prepare("INSERT INTO Users (UserName,
        Password, FirstName, LastName, Email, API) values (?, ?, ?, ?, ?, ?)"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;  
        }
        
        if (!($stmt->bind_param("ssssss", $uname, $hash, $fname, $lname, $email, $api))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;

        }
        
        if(!($stmt->execute())){
           if ($stmt->errno === 1062){               
               $stmt->close();       
               return 2;
           }//error code for duplicate user 
           else {
            $stmt->close();
               return 1;   
           }
        }
        else{           
           $stmt->close();
           return 0;             
        }
    }
    
    public function authenticate($user, $pass){

        /* passhash and validation based on tutorial from 
         * http://www.openwall.com/articles/PHP-Users-Passwords
         */
        // Base-2 logarithm of the iteration count used for password stretching
        $hash_cost_log2 = 8;
        // Do we require the hashes to be portable to older systems (less secure)?
        $hash_portable = FALSE;
        
        $hasher = new PasswordHash($hash_cost_log2, $hash_portable);
        
        require_once 'connect.php';
        $dbc = new connect_DB;
        $this->conn = $dbc->connect();     
        
        $hash = '*'; // In case the user is not found
        if(!($stmt = $this->conn->prepare('SELECT Password FROM Users WHERE UserName = ?'))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        if(!($stmt->bind_param('s', $user))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
        }
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }
        
        if(!($stmt->bind_result($hash))){
            echo "Binding result failed: (".$stmt->errno.") ". $stmt->error;
        }
               
        //only report database errors here; invalid user/pass to be determined below
        if(!$stmt->fetch()){
            if ($stmt->errno != 0){
            echo "Fetch failed: (".$stmt->errno.") ". $stmt->error;
            }
        }

        /*check for valid username and password and all user to
         * proceed if confirmed
         */
        $result = array();
        if ($hasher->CheckPassword($pass, $hash)) {
            $result[0] = 0;
            $result[1] = $this->getAPI($user);
            $result[2] = $user;            
        }
        else{
            $result[0] = 1;
        }               
        return $result;
    }

    private function getAPI($user){
        require_once 'connect.php';
        $dbc = new connect_DB;
        $this->conn = $dbc->connect();
        
        if(!($stmt = $this->conn->prepare('SELECT API FROM Users WHERE UserName = ?'))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        if(!($stmt->bind_param('s', $user))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
        }
        
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }
        
        
        if(!($stmt->bind_result($API))){
            echo "Binding result failed: (".$stmt->errno.") ". $stmt->error;
        }               

        if(!$stmt->fetch()){            
            echo "Fetch failed: (".$stmt->errno.") ". $stmt->error;            
        }
        return $API;
         
    }

    private function makeAPIKey()
    {
        return md5(uniqid(rand(), true));
                
    }    
    
    public function newItem ($id, $name, $serial){
                                   
        //connect to database
        require_once 'connect.php';
        $dbc = new connect_DB;
        $this->conn = $dbc->connect();
        
        //check for repeat serial number
        if(!($stmt = $this->conn->prepare('SELECT ItemId FROM Items WHERE SerialNum = ?'))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        if(!($stmt->bind_param('s', $serial))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
        }
        
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }        
        
        $resultID = 0;        
        if(!($stmt->bind_result($resultID))){
            echo "Binding result failed: (".$stmt->errno.") ". $stmt->error;
        }               
        
        if ($stmt->fetch()){
            //echo($resultID);    
            if ($resultID != 0){
                return 3;                
            }
        }
        
        
        $stmt->close();
                    

        
        //add ITEM to database            
        if(!($stmt = $this->conn->prepare("INSERT INTO Items (ItemID, Name, SerialNum) values (?, ?, ?);"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;  
        }
        
        if (!($stmt->bind_param("iss", $id, $name, $serial))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;

        }
        
        if(!($stmt->execute())){
           if ($stmt->errno === 1062){               
               $stmt->close();       
               return 2;
           }//error code for duplicate item
           else {
               $stmt->close();
               return 1;
           }
        }
        else{           
           $stmt->close();
           return 0;             
        }
    } 

        /**
         * 
         */
        public function editItemAttributes ($itemID, $name, $serial, $acc, $sf, $os, $pgs, $othi){
                                   
        //connect to database
        require_once 'connect.php';
        $dbc = new connect_DB;
        $this->conn = $dbc->connect();
       
        //create array of categories in database table for table populating loop
        $field = array();
        $field[0] = 'Name';
        $field[1] = 'SerialNum';
        $field[2] = 'Accessory';
        $field[3] = 'SpecialFeature';
        $field[4] = 'OperatingSystem';
        $field[5] = 'Pages';
        $field[6] = 'OtherInfo';
        

        //put input variables into array for table-populating loop
        $input = array();
        $input[0] = $name;
        $input[1] = $serial;
        $input[2] = $acc; 
        $input[3] = $sf;
        $input[4] = $os;
        $input[5] = $pgs;
        $input[6] = $othi;
        
        //initialize result array to indicate failure on all adds
        $result = array();
        for($i = 0; $i < 7; $i++){
           $result[$i] = 1;
        }
        
        //attempt to add all specified fields to specified item         
        for($i = 0; $i < 7; $i++){
            
            //name of field affected    
            $fieldName = $field[$i];
            
            //empty fields get changed to "N/A"
            if ($input[$i] == NULL || $input[$i] == "" || $input[$i] == null || $input[$i] == "null"){
                $input[$i] = "N/A";
                //custom handler for pages: set to 0.
            }
            
            
            //update field pdate database entry  
            if(!($stmt = $this->conn->prepare("UPDATE Items SET $fieldName = ? WHERE ItemID = ?;"))){
                echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;  
            }
        
            if (!($stmt->bind_param("si", $input[$i], $itemID))){
                echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            }
        
            if(!($stmt->execute())){
                echo "execute failed (".$stmt->errno.") ". $stmt->error;
            }
            $stmt->close(); 
            $result[$i] = 0;             
        
        }
        return $result;
    }
        
        /**
         * 
         */
        public function addNewItem ($id, $name, $serial, $acc, $sf, $os, $pgs, $othi){
                                   
        //connect to database
        require_once 'connect.php';
        $dbc = new connect_DB;
        $this->conn = $dbc->connect();
       
        //create array of categories in database table for table populating loop
        $field = array();
        $field[0] = 'ItemID';
        $field[1] = 'Name';
        $field[2] = 'SerialNum';
        $field[3] = 'Accessory';
        $field[4] = 'SpecialFeature';
        $field[5] = 'OperatingSystem';
        $field[6] = 'Pages';
        $field[7] = 'OtherInfo';
        
        
        
        //put input variables into array for table-populating loop
        $input = array();
        $input[0] = $id;
        $input[1] = $name;
        $input[2] = $serial;
        $input[3] = $acc; 
        $input[4] = $sf;
        $input[5] = $os;
        $input[6] = $pgs;
        $input[7] = $othi;
        

        //check for repeat serial number
        if(!($stmt = $this->conn->prepare('SELECT ItemId FROM Items WHERE SerialNum = ?'))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        if(!($stmt->bind_param('s', $serial))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
        }
        
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }        
        
        $resultID = 0;        
        if(!($stmt->bind_result($resultID))){
            echo "Binding result failed: (".$stmt->errno.") ". $stmt->error;
        }               
        
        if ($stmt->fetch()){
            //echo($resultID);    
            if ($resultID != 0){
                return 3;                
            }
        }
        
        
        $stmt->close();
                    
        $costatus = "in";
        
        //add ITEM to database            
        if(!($stmt = $this->conn->prepare("INSERT INTO Items (ItemID, Name, SerialNum, Accessory, SpecialFeature, OperatingSystem, Pages, OtherInfo, CheckoutStatus) 
            values (?, ?, ?, ?, ?, ?, ?, ?, ?);"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;  
        }
        
        if (!($stmt->bind_param("isssssiss", $id, $name, $serial, $acc, $sf, $os, $pgs, $othi, $costatus))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;

        }
        
        if(!($stmt->execute())){
           if ($stmt->errno === 1062){               
               $stmt->close();       
               return 2;
           }//error code for duplicate item
           else {
               $stmt->close();
               return 1;
           }
        }
        else{           
           $stmt->close();
           return 0;             
        }
    } 
    
    /**
     * Method to get item list for inventory display
     */
    public function getItemList (){
                                   
    //connect to database
    require_once 'connect.php';
    $dbc = new connect_DB;
    $this->conn = $dbc->connect();
    
    
    //get values for array
    if(!($stmt = $this->conn->prepare('SELECT Name, ItemId, CheckoutStatus  FROM Items'))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
    
    if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
    }
    
    if(!$stmt->bind_result($name, $id, $coStatus)){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
    }
    
    $stmt->store_result();
    
    
    $result = array();
    while($stmt->fetch()){ 
        
        //push values to result array 
        array_push($result, "ID: " . $id . "\nName: ". $name . "\nChecked In/Out: " . $coStatus); //display string
        array_push($result, $id); //id array
    }
    $stmt->close();
    return $result;
    }
    
    
    
     /**
     * Method to get item list for inventory display
     */
    public function getItemDetail ($itemID){
        
    $result = array();   
    
                                   
    //connect to database
    require_once 'connect.php';
    $dbc = new connect_DB;
    $this->conn = $dbc->connect();
    
    
    //get values for array
    if(!($stmt = $this->conn->prepare('SELECT ItemID, Name, SerialNum, Accessory, SpecialFeature,
    OperatingSystem, Pages, OtherInfo, CheckoutStatus FROM Items WHERE ItemID = ?'))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
    
    if(!($stmt->bind_param('i', $itemID))){
        echo "Binding Failed (".$stmt->errno.") ". $stmt->error;
    }
    
    if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
    }
    
    if(!($stmt->bind_result($ID, $name, $serial, $accessory, $specialfeature, $os, $pages, $otherInfo, $coStatus))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
    }
    
    if (!($stmt->fetch())){
        echo "Fetch Failed: (".$stmt->errno.") ". $stmt->error;
        $result[0] = 1;                
    }    
    
    
    else{     
    $result[0] = 0;
    $result[1] = $ID;
    $result[2] = $name;
    $result[3] = $serial;
    $result[4] = $accessory;
    $result[5] = $specialfeature;
    $result[6] = $os;
    $result[7] = $pages;
    $result[8] = $otherInfo;
    $result[9] = $coStatus;   
    }
    
    $stmt->close();    
    return $result;
    
    }
    
    
    /**
     * Method to checkout item
     */
    public function checkoutItem ($itemID, $user){
    
    //result variable, defaulted to failure.  success sets to 0.
    $result = 1;
        
    //connect to database
    require_once 'connect.php';
    $dbc = new connect_DB;
    $this->conn = $dbc->connect();
    
    //http://stackoverflow.com/questions/9541029/insert-current-date-in-datetime-format-mysql
    $mysqltime = date("Y-m-d H:i:s");
        
        //add ITEM to database            
        if(!($stmt = $this->conn->prepare("INSERT INTO Checkout_Log (ItemID, UserName, DateOut) values (?, ?, ?);"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
            return $result;  
        }
        
        if (!($stmt->bind_param("iss", $itemID, $user, $mysqltime))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  

        }
        
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.")".$stmt->error;
            return $result;  
        }
        $stmt->close();
        
        //update status table    
        if(!($stmt = $this->conn->prepare("UPDATE Items SET CheckoutStatus = 'out' WHERE ItemID = ?;"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
            return $result;    
        }
        
        if (!($stmt->bind_param("i",$itemID))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  
        }
        
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.")".$stmt->error;
            return $result;  
        }
    
        else{
            $result = 0;
            $stmt->close();
        }

        return $result;
    }

    /**
     * Method to checkin item -- item can be checked in by anyone
     */
    public function checkinItem ($itemID){
    
    //result variable, defaulted to failure.  success sets to 0.
    $result = 1;
        
    //connect to database
    require_once 'connect.php';
    $dbc = new connect_DB;
    $this->conn = $dbc->connect();
    
    //http://stackoverflow.com/questions/9541029/insert-current-date-in-datetime-format-mysql
    $mysqltime = date("Y-m-d H:i:s");
    
    
    //check in item            
    if(!($stmt = $this->conn->prepare("UPDATE Checkout_Log SET DateIn = ? WHERE ItemID = ? AND DateIn is NULL;"))){
        echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        return $result;    
    }
        
    if (!($stmt->bind_param("si", $mysqltime, $itemID))){
        echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
        return $result;  
    }
        
    if(!($stmt->execute())){
        echo "Execute failed: (".$stmt->errno.")".$stmt->error;
        return $result;  
    }
    
    $stmt->close();
    
    //update status table    
    if(!($stmt = $this->conn->prepare("UPDATE Items SET CheckoutStatus = 'in' WHERE ItemID = ?;"))){
        echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;  
        return $result;  
    }
        
    if (!($stmt->bind_param("i",$itemID))){
        echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
        return $result;  
    }
        
    if(!($stmt->execute())){
        echo "Execute failed: (".$stmt->errno.")".$stmt->error;
        return $result;  
    }
    
    else{
        $result = 0;
        $stmt->close();
    }

    
        
    }


    /**
     * Method to get history list for given item
     */
    public function getHistory ($itemID){
                                   
    //connect to database
    require_once 'connect.php';
    $dbc = new connect_DB;
    $this->conn = $dbc->connect();
    
    
    //get values for array
    if(!($stmt = $this->conn->prepare('SELECT UserName, DateOut, DateIn FROM Checkout_Log WHERE ItemID = ? ORDER BY DateOut DESC'))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        
    if (!($stmt->bind_param("i",$itemID))){
        echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;        
    }
    
    if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
    }
    
    if(!$stmt->bind_result($uName, $Do, $Di)){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
    }
    
    $stmt->store_result();
    
    
    $result = array();    
    while($stmt->fetch()){        
        //push values to result array 
        array_push($result, "User: " . $uName . "\nDate out: ". $Do . "\nDate in: " . $Di); //display string
        
    }
    $stmt->close();
    return $result;
    }
    
    
    
    /**
     * Method to get checkin/checkout list for inventory display
     */
    public function basicSearch ($query){
                                    
    //connect to database
    require_once 'connect.php';
    $dbc = new connect_DB;
    $this->conn = $dbc->connect();
    
    
    //get values for array
    if(!($stmt = $this->conn->prepare('SELECT Name, ItemId, CheckoutStatus  FROM Items WHERE Name = ? || ItemID = ? || SerialNum = ?
        || Accessory = ? || SpecialFeature = ? || OperatingSystem = ?'))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        
    if (!($stmt->bind_param("sissss",$query, $query, $query, $query, $query, $query))){
        echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
        return $result;  
    }
    
    if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
    }
    
    if(!$stmt->bind_result($name, $id, $coStatus)){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
    }
    
    $stmt->store_result();
    
    
    $result = array();
    while($stmt->fetch()){ 
        
        //push values to result array 
        array_push($result, "ID: " . $id . "\nName: ". $name . "\nIn/Out: " . $coStatus); //display string
        array_push($result, $id); //id array
    }
    $stmt->close();
    return $result;
    }
    
    
    
    /**
    * Method to delete item
    */
    public function deleteItem ($itemID){
    
    //result variable, defaulted to failure.  success sets to 0.
    $result = 1;
        
    //connect to database
    require_once 'connect.php';
    $dbc = new connect_DB;
    $this->conn = $dbc->connect();
    
    //add ITEM to database            
    if(!($stmt = $this->conn->prepare("DELETE FROM Checkout_Log WHERE ItemID = ?"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
            return $result;  
        }
        
        if (!($stmt->bind_param("i", $itemID))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  

        }
        
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.")".$stmt->error;
            return $result;  
        }
        $stmt->close();
        
        //update status table    
        if(!($stmt = $this->conn->prepare("DELETE FROM Items WHERE ItemID = ?"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
            return $result;  
        }
        
        if (!($stmt->bind_param("i", $itemID))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  

        }
        
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.")".$stmt->error;
            $stmt->close();
            return $result;  
        }
        
    
        else{
            $result = 0;
            $stmt->close();
        }

        return $result;
    }
    
    
        /**
     * Method to get checkin/checkout list for inventory display
     */
    public function advSearch ($name, $id, $serial, $accessory, $specialfeature, $os){
                                    
    //connect to database
    require_once 'connect.php';
    $dbc = new connect_DB;
    $this->conn = $dbc->connect();
    
    //array for potential database table fields to search
    $fields = array();
    $fields[0] = "Name";
    $fields[1] = "ItemID";
    $fields[2] = "SerialNum";
    $fields[3] = "Accessory";
    $fields[4] = "SpecialFeature";
    $fields[5] = "OperatingSystem";
    
    //array for potential database table field values to search
    $input = array();
    $input[0] = $name;
    $input[1] = $id;
    $input[2] = $serial;
    $input[3] = $accessory;
    $input[4] = $specialfeature;
    $input[5] = $os;
    
    
    //populate array dynamically
    $queryArr = array();    
    for($i = 0; $i < sizeof($input); $i++){
        if($input[$i] != "null"){
            array_push($queryArr, $input[$i]);
            array_push($queryArr, $fields[$i]);
            
        }
    }   
    
    //based on array size, construct a compound query of querySize variables
    $querySize = sizeof($queryArr) / 2;
    
    if ($querySize == 1){
        
        //get values for array
        if(!($stmt = $this->conn->prepare("SELECT Name, ItemId, CheckoutStatus  FROM Items WHERE $queryArr[1] = ?"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        
        if (!($stmt->bind_param("s", $queryArr[0]))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  
        }
    
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }
        
    }
    else if ($querySize == 2){
                //get values for array
        //get values for array
        if(!($stmt = $this->conn->prepare("SELECT Name, ItemId, CheckoutStatus  FROM Items WHERE $queryArr[1] = ? && $queryArr[3] = ?"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        
        if (!($stmt->bind_param("ss", $queryArr[0], $queryArr[2]))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  
        }
    
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }
        
    }
    else if($querySize == 3){
        //get values for array
        if(!($stmt = $this->conn->prepare("SELECT Name, ItemId, CheckoutStatus  FROM Items WHERE $queryArr[1] = ? && $queryArr[3] = ? && 
            $queryArr[5] = ?"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        
        if (!($stmt->bind_param("sss", $queryArr[0], $queryArr[2], $queryArr[4]))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  
        }
    
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }
    }
    else if($querySize == 4){
                //get values for array
        if(!($stmt = $this->conn->prepare("SELECT Name, ItemId, CheckoutStatus  FROM Items WHERE $queryArr[1] = ? && $queryArr[3] = ? && 
            $queryArr[5] = ? && $queryArr[7] = ?"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        
        if (!($stmt->bind_param("ssss", $queryArr[0], $queryArr[2], $queryArr[4], $queryArr[6]))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  
        }
    
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }
    }
    else if($querySize == 5){
        //get values for array
        if(!($stmt = $this->conn->prepare("SELECT Name, ItemId, CheckoutStatus  FROM Items WHERE $queryArr[1] = ? && $queryArr[3] = ? && 
            $queryArr[5] = ? && $queryArr[7] = ? && $queryArr[9] = ?"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        
        if (!($stmt->bind_param("sssss", $queryArr[0], $queryArr[2], $queryArr[4], $queryArr[6], $queryArr[8]))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  
        }
    
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }
    }
    else if($querySize == 6){
        //get values for array
        if(!($stmt = $this->conn->prepare("SELECT Name, ItemId, CheckoutStatus  FROM Items WHERE $queryArr[1] = ? && $queryArr[3] = ? && 
            $queryArr[5] = ? && $queryArr[7] = ? && $queryArr[9] = ? && $queryArr[11] = ?"))){
            echo "Prepare failed (" . $stmt->errno . ") ". $stmt->error;
        }
        
        if (!($stmt->bind_param("ssssss", $queryArr[0], $queryArr[2], $queryArr[4], $queryArr[6], $queryArr[8], $queryArr[10]))){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
            return $result;  
        }
    
        if(!($stmt->execute())){
            echo "Execute failed: (".$stmt->errno.") ". $stmt->error;    
        }
    } 
       

    //get and return results
    if(!$stmt->bind_result($name, $id, $coStatus)){
            echo "Binding parameters failed: (".$stmt->errno.") ". $stmt->error;
    }
    
    $stmt->store_result();
    
    
    $result = array();
    while($stmt->fetch()){ 
        
        //push values to result array 
        array_push($result, "ID: " . $id . "\nName: ". $name . "\nIn/Out: " . $coStatus); //display string
        array_push($result, $id); //id array
    }
    $stmt->close();
    return $result;
    }
    

}
   
    
?>